Information Disclosure

2023-02-0317:08:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information disclosure

glance

vmdk

unauthorized access

sensitive data

0.003 Low

EPSS

Percentile

66.1%

JSON

glance is vulnerable to Information Disclosure. An authenticated attacker is able to convince systems to return a copy of a file’s contents from the server via supplying a specially created VMDK flat image that references that specific backing file path, resulting in unauthorized access to potentially sensitive data.

CPENameOperatorVersion
glance:focaleq2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1
glance:focaleq2:20.0.1-0ubuntu1
glance:develeq2:22.0.0~b2+git2021012915.03bf00ee-0ubuntu1
glance:develeq2:21.0.0~b2~git2020073013.cfbe5f76-0ubuntu2
glance:develeq2:21.0.0-0ubuntu1
glance:sideq2:21.0.0-1
glance:sideq2:22.0.0-2
glance:bustereq2:17.0.0-4
glance:bullseyeeq2:21.0.0-1
glance:focaleq2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1

Name	Operator	Version
glance:focal	eq	2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1
glance:focal	eq	2:20.0.1-0ubuntu1
glance:devel	eq	2:22.0.0~b2+git2021012915.03bf00ee-0ubuntu1
glance:devel	eq	2:21.0.0~b2~git2020073013.cfbe5f76-0ubuntu2
glance:devel	eq	2:21.0.0-0ubuntu1
glance:sid	eq	2:21.0.0-1
glance:sid	eq	2:22.0.0-2
glance:buster	eq	2:17.0.0-4
glance:bullseye	eq	2:21.0.0-1
glance:focal	eq	2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1